Field of the Invention
Embodiments of the invention relate to methods for providing a wireless mesh network as well as arrangements to provide a wireless mesh network.
Background of the Art
A wireless mesh network is a meshed network of terminals, described as “nodes”, which is implemented, by way of example, in a wireless local area network (WLAN). The nodes may be either infrastructure nodes or “end user nodes”, such as a notebook or a PDA.
In a mesh network, a mobile node can transfer data originating from another mobile node to still another mobile node or a base station. In a mesh network, long distances can be traversed, in particular on uneven or difficult terrain. Mesh networks additionally work very reliably, as every mobile node is connected to several other nodes. If a node fails, e.g., due to a hardware defect, its neighboring nodes seek out a different data transfer route. Mesh networks can include fixed or mobile devices.
When adding a new, generally mobile, node, an authentication takes place. This authentication is generally carried out using an authentication server “AAA server”; the mesh network can be coupled via a gateway component or a “mesh key distributor”, which provides encryption material, to an infrastructure network.
In order to authenticate nodes or computers, the EAP (extensible authentication protocol) is generally used. The EAP protocol is used in WLANs to secure network access. Various specific authentication procedures, known as EAP methods, can be transported via the EAP protocol, e.g., EAP-TLS, EAP-AKA, EAP-SIM, TTLS, PEAP-MSChapv2. In authentication, a cryptographic key or session key—MSK, EMSK (MSK: master session key; EMSK: extended master session key) is determined, which is subsequently used to protect data communications, as in link layer encryption. The authentication of a participant occurs between the participant (supplicant) and an authentication server (AAA server). If authentication is successful, the authentication server sends the result of authentication and the session key—MSK—originating from the authentication to an authenticator, such as a WLAN access point. Communication between the access point and the authentication server normally occurs via the radius or diameter data transfer protocol, in which the session key—MSK—is sent as a data attribute to the access point—AP—as part of an EAP success message. The session key—MSK—transferred is then used in an 802.11 4-way handshake—802.11 WHS—between the participant and the access point in accordance with IEEE standard 802.11.
Thus, authentication on the basis of an authentication server—AAA server—distinguishes between the roles of supplicant and authenticator, which, specifically, results in the supplicant authenticating itself via the authenticator to an AAA server, which, in turn, informs the authenticator of the result. Depending on the result, the authenticator either grants or denies the supplicant access to the mesh network.
While in a normal network, e.g., a WLAN-based network, a network login involves one client seeking access to one network, the situation in a mesh network is symmetrical, as the authentication takes place between two mesh nodes of the same type. This gives rise to the problem of needing to determine which of the two nodes acts as authenticator and which as supplicant.
From US2006/0200678, a so-called “role arbitration” is known. This is carried out using the MAC address, based on random values selected by each node on the basis of a “hop count” comparison or based on “processing capabilities.”
WO2006/119281 generally discloses a “role arbitration” between mesh nodes, with the role being determined based on random numbers.